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AMENDMENTS TO THE CLAIMS : 

This listing of claims will replace all prior versions, 
and listings, of claims in the application: 
LISTING OF CLAIMS : 

1-21 . (canceled) 

22. (new) System for data processing a security 
critical activity in a secure management mode in a computer, the 
system comprising : 

a computer comprising a computer processor, a computer 
bus, a bridge, a main memory, and a plurality of handling devices 
connecting to the computer processor via the bridge, the main 
memory being one of the plural handling devices; 

a security device comprising a security device 
processor with a protection mode signal generator (SGpm) and an 
alter signal generator (SGa) , the security device processor 
connected to the bridge; 

a switch connected between the bridge and each handling 
device, the switch containing a table of addresses to different 
ones of the handling devices including parts of the handling 
devices, and a comparator, the table having accessibility 
allocations specifying handling devices or the parts thereof 
allocated only to the security device and allocated to the 
computer processor operating in a normal mode, the table of the 
switch being changeable only under control of signals generated 
by the security device; and 
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an alter signal receiver (SRa) , a source signal 
receiver (SRs) , and a protection mode signal receiver (SRpm) 
connected to the switch, wherein, 

the switch is connected to address lines and to 
operation lines of the bus, 

the switch is configured for i) a first normal mode 
wherein the computer processor has access to a first group of the 
handling devices, and ii) a second protected mode wherein the 
computer processor is denied access to the first group of 
handling devices and the security processor is allowed access to 
the first group of handling devices and to execute a security 
critical activity with the first group of handling devices, 

said signals from the security device, enabling the 
security device and the security processor access to the handling 
devices and denying the computer processor access to the handling 
devices, changes the switches from the first normal mode into the 
second protection mode, and 

the computer processor and the security device 
processor are separate processors. 

23. (new) The system of claim 22, wherein to enter the 
secure management mode, i) the protection mode signal generator 
issues a request signal to the protection mode signal receiver, 
and ii) based on information in the table, access by the computer 
processor to the handling devices is withdrawn and access to the 



3 



Docket No. 1515-1013 
Appln. No. 09/889,126 

handling devices or the parts thereof is solely limited to the 
security device processor. 

24. (new) The system of claim 22, further comprising: 
a director connected to the switch and connected to 

each handling device, wherein, 

the director is connected to the address lines and to 
the operation lines of the bus. 

25. (new) The system of claim 24, wherein, 

each switch further comprises an enable-abort line, and 
the director is connected to the switch via the enable-abort 
line . 

26. (new) The system of claim 22, wherein, 

only the security device can change contents of the 
table, the security device configured so that the alter signal 
generator sends an alter signal to the alter signal receiver to 
alter the contents of the table. 

27. (new) The system of claim 22, wherein, 

the handling device comprises a first part of the main 
memory and a second part of the main memory, 

one of the switches is connected between the first and 
second parts of the main memory and the bridge, 
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in the normal mode, the contents of the table allows 
access to the first part of the main memory to the security 
device processor and allows access to the second part of the main 
memory to the computer processor, and 

in the secure management mode, the contents of the 
table allows access to the first and second parts of the main 
memory to only the security device processor. 



28 . (new) The system 
switch further controls access 
memory based on a source making 



of claim 27, wherein, the one 
to the second part of the main 
the access request . 



29. (new) The system of claim 22, wherein, 

the handling device comprises a screen controller of a 

monitor , 

one of the switches is connected between the screen 
controller and the bridge, 

in the normal mode, the contents of the table allows 
the computer processor full access, via the controller, to the 
monitor, and 

in the secure management mode, the contents of the 
table denies the computer processor complete access to the 
monitor, or parts thereof, and allows the security device 
processor access to a part of the monitor denied to the computer 
processor . 
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30. (new) The system of claim 22, wherein, 

each handling device is one of a part of the main 
memory, a hard disk, a keyboard, a monitor, a card slot, a mouse, 
floppy drive, and a smart card reader. 

31. (new) The system of claim 22, wherein, 
there are plural bridges, and 

at least one bridge is one of a Host-PCI bridge and a 
E-ISA bridge. 



32. (new) The system of claim 22, wherein, 
the security device processor is configured to i) run 
the normal mode with access to a second group of the handling 
devices, and ii) run the security critical activity in the secure 
management mode with access to both the first and second groups 
of the handling devices, and 

the switch is configured to control access to each 
handling device by the comparator checking an access request from 
the computer processor and the security device processor with the 
accessibility allocations in the table, a positive checking 
result by the comparator directing data and operation signals to 
and from the accessed handling device. 
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33 . (new) System for data processing a security- 
critical activity .in a secure management mode in a computer, the 
system comprising: 

a computer comprising a computer processor, a bridge, 
and a main memory connected to the computer processor via the 
bridge / 

a security device comprising a security device 
processor with a protection mode signal generator (SGpm) , the 
security device processor connected to the bridge; 

a switch connected between the bridge and the main 
memory, the switch containing an information table and a 
comparator, the table having accessibility allocations specifying 
parts of the main memory allocated only to the security device 
and other parts of the main memory allocated to the computer 
processor operating in a normal mode, 

the table of the switch being changeable only under 
control of signals generated by the security device; and 

signal receivers connected to the switch, wherein, 

the switch is connected to address lines and to 
operation lines of the computer, 

the switch is configured for i) a first normal mode 
wherein the computer processor has access to a first part of the 
main memory, and ii) a second protected mode wherein the computer 
processor is denied access to the first part of the main memory 
and the security processor is allowed access to the first part of 
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the main memory and to execute a security critical activity with 
the first part of the main memory, 

said signals from the security device, enabling the 
security device and the security processor access to the main 
memory and denying the computer processor access to the main 
memory, changes the switches from the first normal mode into the 
second protection mode, and 

the computer processor and the security device 
processor are separate processors. 

34. (new) The system of claim 33, wherein, 
the security device processor is configured to i) run 
the normal mode with access to a second part of the main memory, 
and ii) run the security critical activity in a secure management 
mode with access to both the first and second parts of the main 
memory, and 

the switch is configured to control access to each part 
of the main memory by the comparator checking an access request 
from the computer processor and the security device processor 
with the accessibility allocations in the table, a positive 
checking result by the comparator directing data and operation 
signals to and from the accessed parts of the main memory. 



8 



Docket No. 1515-1013 
Appln. No. 09/889,126 

35. (new) The system of claim 33, wherein, 
the security device processor is configured to i) run 
the normal mode with access to a second part of the main memory, 
and ii) run the security critical activity in a secure management 
mode with access to both the first and second parts of the main 
memory . 

36. (new) System for data processing a security 
critical activity in a secure management mode in a computer, the 
system comprising: 

a computer comprising a computer processor, computer 
bus, a main memory, a connecting element connecting the computer 
processor to the main memory; 

a security device comprising a security device 
processor with a protection mode signal generator (SGpm) and an 
alter signal generator (SGa) , the security device processor 
connected by the connecting element to the main memory; 

a switch connected between the connecting element and 
the main memory, the switch containing a table and a comparator, 
the table having accessibility allocations for the security 
device and for the computer processor, 

the switch being changeable only under control of 
signals generated by the security device,* and 
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an alter signal receiver (SRa) , a source signal 
receiver (SRs) , and a protection mode signal receiver (SRpm) 
connected to the switch, wherein, 

the switch is connected to address lines and to 
operation lines of the bus, 

the switch is configured for i) a first normal mode 
wherein the computer processor has access to a first part of the 
main memory, and ii) a second protected mode wherein the computer 
processor is denied access to the first part of the main memory 
and the security processor is allowed access to the first part of 
the main memory to execute a security critical activity with the 
first part of the main memory, 

said signals from the security device, enabling the 
security device and the security processor access to the main 
memory and denying the computer processor access to the main 
memory, changes the switches from the first normal mode into the 
second protection mode, and 

the computer processor and the security device 
processor are separate processors. 

37. (new) The system of claim 36, wherein, 
there are plural connecting elements, and 
the switch is configured to control access to each part 
of the main memory by the comparator checking an access request 
from the computer processor and the security device processor 
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with the accessibility allocations in the table, a positive 
checking result by the comparator directing data and operation 
signals to and from the accessed handling device. 
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